CYBERSHEATH BLOG

Yanni Shainsky

Recent Posts

If you’re reading this blog, chances are it’s your responsibility to understand and enforce your organization’s compliance with the latest PCI Data Security Standards. With the release of PCI DSS version 3.2, the PCI Security Standards Council General Manager Stephen Orfei explained that “PCI DSS 3.2 advocates that organizations focus on people, process and policy, with technology playing an important role in reducing the overall cardholder data footprint.” Privileged accounts and their management are the central point where people, process, policy, technology and security converge. It is no surprise, then, that the PCI DSS 3.2 standards spend much of their time stressing the importance of protecting privileged accounts.

In the previous privileged account blog, we described the three main categories of privileged accounts: Local Accounts, Directory Accounts, and Application Accounts, as well as some of the best practices for maintaining those accounts.

In this week’s blog we will discuss the pros and cons of various privileged account access models.

For the purpose of our discussion, suppose we have a target Windows-based server called “PrintServer01.” This server is a member of the domain and its primary function is that of a print server. Mostly, the domain administrators need privileged access to this server in order to provision new network printers or troubleshoot existing printers’ queues and drivers. There are various options for giving the domain administrators access to the server, which we will discuss from the least secure model to the most secure model.

This month CyberSheath co-sponsored a table with CyberArk at the annual California Tech Summit, at the convention center in Anaheim. We had a lot of great discussions with conference participants and conference presenters. Oftentimes at events like the Tech Summit, as a vendor you are asked many questions throughout the day regarding the service or product you are representing. One frequently asked question that came up was “what exactly is a privileged account?” In order to address that question, we should first discuss the various types of user and service accounts that exist in a typical enterprise.

There are three main types of accounts: local accounts, directory accounts, and application accounts. We will take a look at each to discuss under which circumstances those accounts are typically considered “privileged,” although keep in mind that some organizations can have broader definitions of what it means for an account to be privileged.

On June 18, 2015, NIST released the final version of SP 800-171, which provides guidance for protecting the confidentiality of Controlled Unclassified Information (CUI) residing in nonfederal information systems. In August 2015, DFARS clause 252.204-7012 replaced the original NIST 800-53 r4 controls with NIST 800-171, which we detailed earlier here. CyberSheath has integrated the requirements laid out in NIST 800-171 into our security assessment process, which already included all NIST 800-53 controls and in-depth reporting on the DFARS-specific controls.

Out of the new 800-171 controls, a handful deal specifically with privileged access. Privileged Account Management (PAM) is a way for organizations to manage credentials with administrative rights to ensure those accounts stay safe. CyberArk, a PAM solution and trusted CyberSheath partner, offers a suite of products designed to optimize privileged account creation while keeping the keys to the kingdom safe. The following is a list of the top 7 ways in which CyberArk’s PAM solution can help an organization meet the SP 800-171 guidelines:

There are many reasons to implement a Privileged Account/Identity Management (PAM) system, including audit and IT security standards compliance, risk mitigation, automation of password management, transparency of user activity, etc. Today we’d like to focus on some of the specific reasons why it is important to implement, maintain, and enforce the utilization of a PAM system for a company that is planning for, or foresees, a significant Reduction in Force (RIF).

As pundits are predicting a bear market in 2016, IT managers are starting to prepare their contingency plans for dealing with potentially hundreds or thousands of employees whose employment will need to be terminated abruptly. A PAM solution can help mitigate some of the very real risks associated with terminating an employee, particularly one who has key access to IT systems. Employees may react differently in the face of termination, and the most technical employee assets may instantly become the biggest liability. An employee being terminated may have full administrative access to hundreds of critical servers and network appliances that comprise the environment, creating tremendous potential risk to the company.